W32/Lovgate@M Last Updated 2/24/03 1:30PM
CIT has recieved inquiries regarding the w32/Lovgate@M virus. W32/Lovgate@M is an email worm that replies to messages in the infected client's inbox using its own smtp engine. It sends a copy of itself disguised as an automated reply. The worm also spreads through open network shares.
In email form, W32/Lovgate@M appears as follows:
The body contains:
Wherever.com account auto-reply:
' I'll try to reply as soon as possible.
Take a look at the attachment and send me your opinion!'
>Get your Free wherever.com account now! <
Wherever.com is the domain used by the infected client.
The attachment may be one of the following:
- billgt.exe
- Card.EXE
- docs.exe
- fun.exe
- hamster.exe
- humor.exe
- images.exe
- joke.exe
- midsong.exe
- news_doc.exe
- pics.exe
- PsPGame.exe
- s3msong.exe
- searchURL.exe
- SETUP.EXE
- tamagotxi.exe
All inbound smtp traffic is being scanned.
NAI has released 4249 DAT/SuperDat that can be downloaded here to detect and remove W32/Lovgate@M.
The 2/24/03 and later definitions released by Symantec will detect and remove W32/Lovgate@M. Definitions are available through the LiveUpdate feature of Norton Antivirus.
For more information see:
http://vil.nai.com/vil/content/v_100072.htm from NAI.
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate.c@mm.html from Symantec.
This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.
|